zoukankan      html  css  js  c++  java
  • Data Protection


    According to ASP.NET Key Management:

    Deleting a key is truly destructive behavior, and consequently the data protection system exposes no first-class API for performing this operation.

    Is the expired key still being used to unprotect data previously protected by that key even that key is expired?


    Are the expired key kept forever even it might not have any more data protected by it?


    Is it a bad practice to delete the key even it is not needed to unprotect any data?

    I think currently we need it for the cookie authentication only. The worse case of deleting the key is the user may need to relogon.

    What else from ASP.NET Core need the data protection by default?


    Is the expired key still being used to unprotect data previously protected by that key even that key is expired?
    Yes.


    Are the expired key kept forever even it might not have any more data protected by it?
    Yes, because we have no way of knowing how you used it, or whether any data still exists.


    Is it a bad practice to delete the key even it is not needed to unprotect any data?
    Probably not, but you as the developer can use data protection for your own data. We can't know whether you did or not.


    What else from ASP.NET Core need the data protection by default?
    Parts of OAuth login flow, session and temp data. But those are really short lived.

    原文链接

  • 相关阅读:
    第九周上机作业
    购物商城
    安卓第四周作业
    第十五周作业
    第十三周作业-集合
    第十三周上机练习
    第十二周作业
    上机练习 5.21
    java第十一周作业
    java第十一周上机练习
  • 原文地址:https://www.cnblogs.com/OpenCoder/p/10347757.html
Copyright © 2011-2022 走看看